altimate-receipts 0.18.0 → 0.18.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{chunk-DNKSESAA.js → chunk-3R25IDH5.js} +4 -4
- package/dist/{chunk-FPDXOAYN.js → chunk-JWDZLJDG.js} +46 -2
- package/dist/chunk-JWDZLJDG.js.map +1 -0
- package/dist/{chunk-IDAIDLZT.js → chunk-LYLHXQAU.js} +2 -1
- package/dist/chunk-LYLHXQAU.js.map +1 -0
- package/dist/{chunk-UTOGDDME.js → chunk-UADWOMMH.js} +2 -2
- package/dist/{chunk-YO6MVZTD.js → chunk-VKT2ZUCT.js} +4 -3
- package/dist/chunk-VKT2ZUCT.js.map +1 -0
- package/dist/cli.js +5 -5
- package/dist/gen-catalog.js +2 -2
- package/dist/index.js +4 -4
- package/dist/mcp/server.js +3 -3
- package/package.json +1 -1
- package/dist/chunk-FPDXOAYN.js.map +0 -1
- package/dist/chunk-IDAIDLZT.js.map +0 -1
- package/dist/chunk-YO6MVZTD.js.map +0 -1
- /package/dist/{chunk-DNKSESAA.js.map → chunk-3R25IDH5.js.map} +0 -0
- /package/dist/{chunk-UTOGDDME.js.map → chunk-UADWOMMH.js.map} +0 -0
|
@@ -15,17 +15,17 @@ import {
|
|
|
15
15
|
redactReceipt,
|
|
16
16
|
renderLedger,
|
|
17
17
|
windowedEffort
|
|
18
|
-
} from "./chunk-
|
|
18
|
+
} from "./chunk-JWDZLJDG.js";
|
|
19
19
|
import {
|
|
20
20
|
FIX_FOR,
|
|
21
21
|
categorize
|
|
22
|
-
} from "./chunk-
|
|
22
|
+
} from "./chunk-VKT2ZUCT.js";
|
|
23
23
|
import {
|
|
24
24
|
destructiveOutsideRepo,
|
|
25
25
|
findingSurface,
|
|
26
26
|
privileged,
|
|
27
27
|
regenerableBuildArtifact
|
|
28
|
-
} from "./chunk-
|
|
28
|
+
} from "./chunk-LYLHXQAU.js";
|
|
29
29
|
|
|
30
30
|
// src/receipt/canonical.ts
|
|
31
31
|
function canonicalize(value) {
|
|
@@ -996,4 +996,4 @@ export {
|
|
|
996
996
|
rederiveFromTranscript,
|
|
997
997
|
compareToTranscript
|
|
998
998
|
};
|
|
999
|
-
//# sourceMappingURL=chunk-
|
|
999
|
+
//# sourceMappingURL=chunk-3R25IDH5.js.map
|
|
@@ -3,7 +3,7 @@ import {
|
|
|
3
3
|
destructiveOutsideRepo,
|
|
4
4
|
regenerableBuildArtifact,
|
|
5
5
|
regenerableReceiptRm
|
|
6
|
-
} from "./chunk-
|
|
6
|
+
} from "./chunk-LYLHXQAU.js";
|
|
7
7
|
|
|
8
8
|
// src/findings/gitParse.ts
|
|
9
9
|
var WRAPPER = /* @__PURE__ */ new Set(["sudo", "env", "nohup", "command", "stdbuf", "time", "timeout", "xargs"]);
|
|
@@ -2814,6 +2814,48 @@ function deriveMcpFindings(sum) {
|
|
|
2814
2814
|
}
|
|
2815
2815
|
];
|
|
2816
2816
|
}
|
|
2817
|
+
var MCP_CONFIG_FILE = /(?:^|\/)\.mcp\.json$|(?:^|\/)\.(?:cursor|vscode)\/mcp\.json$|(?:^|\/)claude_desktop_config\.json$|(?:^|\/)mcp\.json$/i;
|
|
2818
|
+
var SERVER_ENDPOINT = /"(?:command|url)"\s*:\s*"((?:[^"\\]|\\.)*)"/g;
|
|
2819
|
+
var endpointValues = (text) => {
|
|
2820
|
+
const out = [];
|
|
2821
|
+
for (const m of text.matchAll(SERVER_ENDPOINT)) {
|
|
2822
|
+
out.push(m[1]);
|
|
2823
|
+
}
|
|
2824
|
+
return out;
|
|
2825
|
+
};
|
|
2826
|
+
function deriveMcpConfigFindings(sum) {
|
|
2827
|
+
for (const s of sum.spans) {
|
|
2828
|
+
if (s.kind !== "tool" || typeof s.name !== "string" || !isEditTool(s.name)) {
|
|
2829
|
+
continue;
|
|
2830
|
+
}
|
|
2831
|
+
const fp = filePathOf(s.input);
|
|
2832
|
+
if (!fp || !MCP_CONFIG_FILE.test(fp)) {
|
|
2833
|
+
continue;
|
|
2834
|
+
}
|
|
2835
|
+
const { oldStr, newStr } = editBody(s.input);
|
|
2836
|
+
const before = new Set(endpointValues(oldStr));
|
|
2837
|
+
const added = endpointValues(newStr).filter((v) => !before.has(v));
|
|
2838
|
+
if (added.length === 0) {
|
|
2839
|
+
continue;
|
|
2840
|
+
}
|
|
2841
|
+
const base6 = fp.split("/").pop() ?? fp;
|
|
2842
|
+
return [
|
|
2843
|
+
{
|
|
2844
|
+
id: `mcp-config-change-${s.spanId}`,
|
|
2845
|
+
severity: "high",
|
|
2846
|
+
title: `Added or repointed an MCP server in ${base6}`,
|
|
2847
|
+
detail: `An edit to \`${base6}\` introduced or changed an MCP server endpoint (\`${added[0]}\`) \u2014 it grants the agent (and future agents on this branch) a new external tool surface with whatever credentials that server holds, which the source diff doesn't otherwise show. Review the new server's source and scopes before merging.`,
|
|
2848
|
+
impactLabel: "MCP authority change",
|
|
2849
|
+
confidence: 0.85,
|
|
2850
|
+
score: 100 * 0.85,
|
|
2851
|
+
evidenceSpanId: s.spanId,
|
|
2852
|
+
filePath: fp,
|
|
2853
|
+
guardrailRule: "Adding or repointing an MCP server expands the agent's authority \u2014 review the server's source and scopes as part of the change."
|
|
2854
|
+
}
|
|
2855
|
+
];
|
|
2856
|
+
}
|
|
2857
|
+
return [];
|
|
2858
|
+
}
|
|
2817
2859
|
|
|
2818
2860
|
// src/findings/persistenceFindings.ts
|
|
2819
2861
|
var AUTORUN_PATH = /(?:^|\/)\.(?:bashrc|zshrc|bash_profile|zprofile|profile|bash_login|zshenv)$|(?:^|\/)\.config\/fish\/config\.fish$|^\/etc\/profile(?:\.d\/.+)?$|(?:^|\/)Library\/LaunchAgents\/[^/]+|^\/Library\/Launch(?:Daemons|Agents)\/[^/]+|^\/etc\/systemd\/system\/[^/]+|(?:^|\/)\.config\/systemd\/user\/[^/]+|^\/etc\/cron[^/]*|^\/var\/spool\/cron\//i;
|
|
@@ -3093,6 +3135,8 @@ var DETECTORS = [
|
|
|
3093
3135
|
{ name: "sensitive-access", fn: (s) => deriveSensitiveAccess(s) },
|
|
3094
3136
|
// MCP external side-effects (M105): mutating MCP tool calls the diff can't show
|
|
3095
3137
|
{ name: "mcp", fn: (s) => deriveMcpFindings(s) },
|
|
3138
|
+
// MCP config change (M113): a new/repointed MCP server in a config edit — authority expansion
|
|
3139
|
+
{ name: "mcp-config", fn: (s) => deriveMcpConfigFindings(s) },
|
|
3096
3140
|
// command-pattern security (M106/108/109/110/111/112): metadata egress, untrusted dep source,
|
|
3097
3141
|
// TLS-disable, setuid, obfuscated exec, masked verification failure
|
|
3098
3142
|
{ name: "command-security", fn: (s) => deriveCommandSecurityFindings(s) },
|
|
@@ -5675,4 +5719,4 @@ export {
|
|
|
5675
5719
|
redact,
|
|
5676
5720
|
redactReceipt
|
|
5677
5721
|
};
|
|
5678
|
-
//# sourceMappingURL=chunk-
|
|
5722
|
+
//# sourceMappingURL=chunk-JWDZLJDG.js.map
|